Contrast Security is a US-based security products company focused on application security.
The scope of the project was to use the CNCF OpenTelemetry instrumentation for AWS Lambda, customizing the opentelemetry-collector, opentelemetry-lambda and their dependent libraries so that the collected telemetry captures the security context and potential vulnerabilities of a function by mapping its ingress data (incoming events) to its egress data (outgoing SDK and HTTP calls).
Approach
Capture the ingress data of the AWS Lambda FaaS invocation. For this we needed to attach additional attributes (trigger type, request metadata, event payload) to the invocation span.
Map the FaaS event data to the SDK calls / HTTP calls the function makes to other AWS components such as DynamoDB, S3 buckets, SNS and SQS, using the parent-child relationship between the invocation span and the client spans.
Write a custom exporter that transforms the spans and hashes out the sensitive data, retaining only metadata (field names, value lengths and digests).
Use the event-to-SDK mapping to decide where to inject test payloads for the pen-test, i.e. which event fields reach which downstream call.
Set up Lambda layers that support webhooks for incoming events and hooks for aws-sdk API calls, so no function code has to change.
Capture the ingress and egress data and forward it to a daemon that runs as a separate Lambda layer.
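The following is an added example, not code from the project or from Contrast Security. It shows the core of the approach above in plain Python with no external dependencies: the invocation span carries the event payload, each AWS SDK client span carries its request parameters, the mapping step walks each client span back to its root invocation span and reports which event fields reappear verbatim in the SDK call, and the exporter step hashes the payloads before anything leaves the function. The span shape (dicts with `span_id`, `parent_span_id`, `attributes`), the attribute names `faas.event.body` and `aws.request.params`, and the sample spans are all constructed assumptions; the real project built on OpenTelemetry `ReadableSpan` objects and a `SpanExporter` subclass.

```python
"""Added example: ingress/egress mapping plus a hashing exporter for Lambda spans.
Span dicts, attribute names and sample data below are assumed, not the project's."""
import hashlib
import json
import re

# Attribute keys holding raw payloads (assumed names), plus a pattern for
# any other key that looks like it carries a secret or PII.
SENSITIVE_KEYS = {"faas.event.body", "aws.request.params"}
SENSITIVE_KEY_PATTERN = re.compile(r"(password|secret|token|email|ssn)", re.I)


def _flatten(value, prefix=""):
    """Yield (dotted_path, leaf) pairs for a JSON-like object."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from _flatten(v, f"{prefix}{k}.")
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from _flatten(v, f"{prefix}{i}.")
    else:
        yield prefix.rstrip("."), value


def hash_value(value):
    """Replace a value with its digest and metadata only (no plaintext survives)."""
    raw = value if isinstance(value, str) else json.dumps(value, sort_keys=True)
    return {"sha256": hashlib.sha256(raw.encode()).hexdigest(),
            "len": len(raw), "type": type(value).__name__}


def redact_payload(value):
    """Keep field names (metadata), hash every leaf value."""
    if isinstance(value, (dict, list)):
        return {path: hash_value(leaf) for path, leaf in _flatten(value)}
    return hash_value(value)


def redact_attributes(attrs):
    """Hash sensitive attributes, pass everything else (method, target, service) through."""
    return {k: redact_payload(v) if k in SENSITIVE_KEYS or SENSITIVE_KEY_PATTERN.search(k) else v
            for k, v in attrs.items()}


def map_ingress_to_egress(spans):
    """For each AWS SDK client span, find its root FaaS span and list which event
    fields flow, unchanged, into the SDK call parameters."""
    by_id = {s["span_id"]: s for s in spans}
    flows = []
    for span in spans:
        attrs = span["attributes"]
        if attrs.get("rpc.system") != "aws-api":
            continue
        root = span
        while root.get("parent_span_id") in by_id:
            root = by_id[root["parent_span_id"]]
        event_leaves = dict(_flatten(root["attributes"].get("faas.event.body", {})))
        param_leaves = dict(_flatten(attrs.get("aws.request.params", {})))
        tainted = sorted(f"{ek} -> {pk}"
                         for ek, ev in event_leaves.items()
                         for pk, pv in param_leaves.items()
                         if isinstance(ev, str) and ev and ev == pv)
        flows.append({"trigger": root["attributes"].get("faas.trigger"),
                      "service": attrs.get("rpc.service"),
                      "method": attrs.get("rpc.method"),
                      "tainted_params": tainted})
    return flows


def export(spans):
    """Stand-in for SpanExporter.export(): compute the mapping on the raw spans,
    then emit only redacted spans plus the mapping."""
    flows = map_ingress_to_egress(spans)
    redacted = [dict(s, attributes=redact_attributes(s["attributes"])) for s in spans]
    return {"spans": redacted, "flows": flows}


# Constructed sample: one HTTP-triggered invocation that writes the user to
# DynamoDB and publishes a notification to SNS.
SAMPLE_SPANS = [
    {"span_id": "a1", "parent_span_id": None, "name": "handler",
     "attributes": {"faas.trigger": "http", "http.method": "POST", "http.target": "/users",
                    "faas.event.body": {"username": "alice", "email": "alice@example.com"}}},
    {"span_id": "b2", "parent_span_id": "a1", "name": "DynamoDB.PutItem",
     "attributes": {"rpc.system": "aws-api", "rpc.service": "DynamoDB", "rpc.method": "PutItem",
                    "aws.request.params": {"TableName": "users",
                                           "Item": {"pk": "alice", "email": "alice@example.com"}}}},
    {"span_id": "c3", "parent_span_id": "a1", "name": "SNS.Publish",
     "attributes": {"rpc.system": "aws-api", "rpc.service": "SNS", "rpc.method": "Publish",
                    "aws.request.params": {"TopicArn": "arn:aws:sns:us-east-1:123456789012:signups",
                                           "Message": "new user"}}},
]

if __name__ == "__main__":
    print(json.dumps(export(SAMPLE_SPANS), indent=2))
```

The mapping runs before redaction because equality on hashed leaves would still work for exact copies but would miss any later transformation; the exporter output contains only digests, lengths and field paths, so the daemon layer downstream never sees the plaintext event. In the sample, the DynamoDB `PutItem` call is reported with `username -> Item.pk` and `email -> Item.email`, while the SNS call carries no event data.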
Outcome
Runtime pen-testing of the Lambda through the instrumentation layer identifies which event fields reach internal calls (RDS, DynamoDB), exposing the function's attack surface.
Complete black-box testing of a Lambda without having to instrument its code.
We were successfully able to demonstrate the data flow from events to SDK calls, without changing any Lambda code, for both JavaScript and Python functions.